Re: 49.55.50.46

bereits · ‎11-09-2018

Has anyone noticed unusual traffic leaving to a public IP address 49.55.50.46 on the switch?

Daniele Giordano · ‎11-09-2018

Hi, according to APNIC whois db, the indicated IP is part of:

inetnum:	49.52.0.0 - 49.55.255.255
netname:	SHR-CERNET
descr:	China Education and Research Network
descr:	Shanghai Regional Network
country:	CN
admin-c:	CER-AP
tech-c:	CER-AP
status:	ALLOCATED PORTABLE
remarks:	origin AS4538
remarks:	confederation
mnt-by:	APNIC-HM
mnt-lower:	MAINT-CERNET-AP
mnt-routes:	MAINT-CERNET-AP
mnt-irt:	IRT-CERNET-AP
last-modified:	2013-08-08T23:40:59Z
source:	APNIC

The AS4538 number is one of the Top 20 Route Count per Originating AS as described in this link:

https://www.cidr-report.org/as2.0/

If you see something strange you can send an email to

% Abuse contact for '49.52.0.0 - 49.55.255.255' is 'abuse@net.edu.cn'

What type of traffic have you seen?

Regards.

bereits · ‎11-09-2018

It is Netflow Traffic and I also scanned several machines intensely for virus and adware with no luck. All of the running services are valid.

I haven't configured any switch to direct traffic to this Public IP Address..and I still don't know where 49.55.50.46 came from.

This is very unusual...Is this behavior illicit or admissible in nature ??

Daniele Giordano · ‎11-09-2018

Can you post logs, transport protocols and ports?

Regards.